Creative Red Teaming

Unlike traditional red teaming courses, this course does not cover how to run automated vulnerability scans. This course focuses on how to understand and use open- source tools used by real world attackers and fine-tune them to fit an organization’s specific needs (traditional red teaming courses typically cover automated vulnerability scans). Learners will develop the ability to think like an attacker and creatively use native, built-in tools to accomplish goals while avoiding detection.

This fast-paced technical course shares the secrets of Mandiant red team methodology through scenario-based labs. Learners will get hands-on experience in conducting covert cyber attack simulations that mimic real-world threat actors. They will learn how to bypass advanced network segmentation and multi-factor authentication, abuse web applications, escalate to domain administrator and steal data while circumventing detection methods. Mandiant professionals will offer instruction based on frontline expertise as well as intelligence-based security research.

Learning Objectives

After completing this course, learners should be able to:

  • Identify, fingerprint and compromise a target with custom-crafted payloads while bypassing antivirus (AV) detection
  • Deploy creative tactics—from older techniques to newer ones—to maintain access to any compromised machine
  • Understand the tools and methods attackers use to exploit the lowest-level user privileges to gain higher, administrative privileges and move laterally throughout a network while avoiding security alerts
  • Avoid and bypass various challenges such as application whitelisting, encryption, multi-factor authentication, sandboxes and more
  • Exfiltrate data from “secure” networks undetected, without triggering firewalls or generating alerts
  • Identify the goals and challenges of managing a red team operation, including risk measurement and reporting

Who Should Attend

Red team members, penetration testers, defenders wanting to understand offensive tactics techniques and procedures (TTPs) and information security professionals looking to expand their knowledge base.


A background in conducting penetration tests, security assessments, IT administration, and/or incident response. Working knowledge of the Windows operating system, file systems, registry and use of the Windows command line. Experience with, Active Directory, basic Windows security controls, common network protocols, Linux operating systems, Scripting languages (PowerShell, Python, Perl, etc.) and assessment of web applications using the OWASP top 10.

What to Bring

A laptop with a USB port (for installing software provided on a USB stick), an Ethernet port (or adapter), and local administrator rights to the host OS and VMs.


4 days

Instructor-Led Training Instructor-Led Training

Courses cannot be purchased or accessed from this site.

If you would like to register for this course, please contact your FireEye account manager.

Thank you.